By Jacques de La Rivière, CEO, Gatewatcher
From July 26 to September 8 next year, Paris will host the 2024 Olympic and Paralympic Games. With less than a year before the start of the competition, the French authorities are preparing to face the multiple cyber threats facing this global event.
Whilst the 2023 Rugby World Cup will likely serve as a ‘dry run’ for the French authorities, one of the main concerns that has already arisen has been the ability to respond quickly, in the face of cyber threats and attack vectors still unknown.
A perfect storm and an exposed target
Such advance thinking is especially warranted. The symbolism of the Olympic Games, and Paris’ recent history as a terrorist target, will mee the current geopolitical issues linked to the war in Ukraine and the question of the participation of Russian and Belarusian athletes to create a perfect storm of a privileged target that is potentially exposed.
The response has been to task ANSSI with the cybersecurity of the Games and all digital protection of the sporting event. A budget of 10mn euros has been dedicated to conducting security audits, and a third of the agency’s teams will be dedicated to the Games by their opening.
ANSSI also announced the holding of “several crisis exercises” in 2023, spanning not only cyberattacks that target sports infrastructures but also the numerous elements of the supply chain – supporting the Games such as the French Anti-Doping Agency and businesses involved in transport, timing services, ticketing and other functions.
Such anticipation and preparation is justified. Last April, the technological management of the Paris Olympics predicted a likelihood of cyberattacks “eight to ten times” higher than those targeting the Tokyo Games in 2020.
Identifying the attack and threat
What does an attack amidst such a perfect storm look like? One example is the attack which targeted the computer system of the PyeongChang Winter Olympic Games in 2018, which remained famous under the name “Olympic Destroyer”. More recently, on the eve of the NATO Summit in Lithuania on July 11, the city of Vilnius suffered several distributed denial of service (DDoS) cyberattacks, targeting the websites of the municipality.
Both the NATO Summit and the Paris Games share the symbolism of Ukrainian membership and sovereign recognition. It is reasonable to expect an organisation such as RomCom, located in Russia, whose campaign of phishing aimed to break into participants’ computers at the NATO Summit, will attempt to hit the Games.
The 2024 Games present a major strategic challenge. The events will be spread over fifteen sites and eleven for the Paralympic Games, not counting the sites in Île-de-France and the stadiums throughout the Metropolis and in Tahiti. These are all computer structures to monitor and protect.
Despite significant preparation, the event will require rapid agility and the ability to intervene quickly, in the event of a security risk. Efficiency, speed and precision will be the hallmarks of a successful defence.
Identifying and qualifying the threat remains a major challenge. This involves mapping all assets (PCs/laptops, tablets, laptops) present on the information system(s) concerned, in order to exclude compromised assets. But it is only the first step.
The ability to identify malicious actions on the computer network, followed by rapid intervention, at any point on the network to protect a targeted site – or on a central “node” – must be an essential element of cyber protection for the 2024 Games.
Such comprehensive protection, so far in advance, may seem excessive. But in the modern world, such anticipation is going to be a key aspect behind the scenes, to allow us to celebrate, together, the Olympic spirit and the greatest sporting event in the world.
About the Author
Jacques de La Rivière is CEO, of Gatewatcher. He has extensive work experience in various roles within the cybersecurity and software industry, including vice-president at Hexatrust, a cluster of 100 French and European software, cybersecurity leaders and cloud providers. Gatewatcher is a cybersecurity software provider specializing in advanced intrusion detection and is a market leader in high-performance solutions based on automation and machine learning methods. Jacques can be reached via LinkedIn and at the Gatewatcher company website: https://www.gatewatcher.com/en/